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Abstract: 

The lambda calculus with constructors is an extension of the lambda calculus with 
variadic constructors. It decomposes the pattern-matching a la ML into a case ana- 
lysis on constants and a commutation rule between case and application constructs. 
Although this commutation rule does not match with the usual computing intuitions, 
it makes the calculus expressive and confluent, with a rather simple syntax. In this 
paper we define a sound notion of categorical model for the lambda calculus with 
constructors. We then prove that this definition is complete for the fragment of the 
calculus with no match-failure, using the model of partial equivalence relations. 
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Introduction 

Pattern matching is now a key feature in most functional programming languages. Inherited 
from the simple constants recognition mechanism that appeared in the late 60's (in Snohol or 
in Pascal for instance), it is now a elaborated feature in main programming languages (ML, 
Haskell etc.) and some proof assistants (such as Coq or Agda), able to decompose complex 
data-structures. 

Its theoretical aspects are being intensively studied since the 90's [5, 11]. In particular, 
several lambda calculi with pattern matching have been proposed [19, 4, 8]. Among them, the 
lambda calculus with constructors [1] (or A^^-calculus) offers the advantage of having simple 
computation rules. Indeed, the pattern matching d la ML is there decomposed into two atomic 
rules (a constants analysis rule, and a commutation rule). The rather simple syntax of this cal- 
culus together with the decomposition of its powerful computational behaviour into elementary 
steps stimulate a semantic study of the the A^^-calculus from a categorical point of view. 

As far as we know, no categorical model had been proposed so far for a calculus with 
pattern matching. Yet category theory allows to express some generic semantic properties 
on a calculus, and to factorise many of its different concrete models. Furthermore, when the 
categorical model is complete, it synthesises exactly the extensional properties of the calculus. 
Since the description of the models for the pure lambda calculus as Cartesian closed categories 
with a reflexive object [16], some complete categorical models have been defined for variants of 
the lambda calculus [7, 17, 6]. 

In this paper, after a brief presentation of the A'g'-calculus (Sec. ), we establish a categorical 
definition of models for it (Sec. 2). We then prove that it is to some extent complete for the 
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A.^-calculus, using the standard PER model and some rewriting techniques (Sec. 3). Notice 
that we only use very basic notions of category theory (knowledge of the first two chapters of [3] 
is sufficient). 

1 The lambda calculus with constructors 

The lambda calculus with constructors extends the pure lambda calculus with pattern matching 
features: a set of constants (that we consider here to be finite of cardinal n) called constructors 
and denoted by c, d etc. is added, with a simple mechanism of case analysis on these constants 
(similar to the case instruction of Pascal): 

{\ci^ti;...;ck^tk\^-Ci ti (CaseCons) 

Although only constant constructors can be analysed, a matching on variant constructors can 
be performed via a commutation rule between case construction and application: 

^e\\ ■ (tu) {^9^ ■ t) u (CaseApp) 

This commutation rule enables simulating any pattern matching a la ML, by generalising the 
following example: in the A'g'-calculus, the predecessor function on unary integers (represented 
with the constructors and S) is implemented as pred = Ax.{|0 i-^ 0; S i-^ Ay.y|} • x. Applying 
this function to a non zero integer S n actually produces the expected result: 

pred (S m) — )■ {|0 i-> 0; S Ay.y|} • (S m) 

— )■ (-{]0 I— 0; S I— )■ Ay.yH • S) m — > {Xy.y) m m 

Formally, the syntax of the A^^-calculus is defined by the following grammar: 

t,u,v := X \ tu \ Xx.t I c [ • t 

9, (f> := {Ci I— ?• Ui; . . . ; l— )• Uf^} (with A:>0 and Ci^Cj for ij^j) 

In the terms (denoted by t,u etc.) the application takes precedence over lambda abstraction 
and case construct. Notice that constructors, like any terms, can be applied to any number of 
arguments and thereby are variadic (they have no fix arity). We call data- structure a term on 
the form cti • • • t^- 

A case-binding 9 is just a (partial) function from constructors to terms, whose domain is 
written dom{9). By analogy with sequential notation, we may write 6c for u when c i— ?> n € 0. 
In order to ease the reading, we may write {|ci H- ui; . . . ; Cn • t instead of {|{ci i-^ 

ui] . . . -jCn 1-^ Un}^ ■ t. The usual definition of the free variables of a term is naturally extended 
to the new constructions of the calculus, taking care that constructors are not variables (and 
therefore not subject to substitution nor a-conversion) . 

In this calculus, a match failure is a term • c where c ^ dom(0). We say that a term is 
defined when none of its subterm is a match failure, and that it is hereditarily defined when all 
this reducts (in any number of steps, including zero) are defined. 

Reduction rules are given in Fig. 1. In addition to the usual /3-reduction (called AppLam) 
and to the two rules presented earlier, there is a rule of commutation between case construct 
and lambda abstraction (CaseLam) to ensure confiuence [1, Cor. 1], and the usual r/-reduction 
(called LamApp) as well as a rule of composition of case-bindings (CaseCase) so that the 
calculus enjoys the separation property [1, Theo. 2]. More explanations and examples about 
this calculus can be found in [2, 12]. 
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AppLam (AL) {Xx.t)u -> t[x := x]u 

LamApp (LA) Xx.tx -> t {x ^ fv(t)) 



CaseCons (CO) pW-c t {{c^t)ee) 

CaseApp (CA) FH-M ^ 

caselam (cl) ^ei ■ Xx.t Xx.le^ -t {x^ fv{e)) 

CaseCase (CC) fl^^J'/'r* ^ P°(l)^-t 

with 6io {ci h;...;cn ^ tn} = {ci ^ ■ ti;...;c„ ^ ■ t„} 



Figure 1: Reduction rules for A^^. 

2 The categorical model 

In this section we may define a notion of a categorical model for the A<^-calculus, that we prove 
to be sound. No deep knowledge in category theory is assumed from the reader, he might just 
know the definition of a Cartesian closed category (also said a CCC). 

The notations we use are quite standard: in a CCC, the product of two objects A and B 
is written A x B and their exponential B^. The A;-ary product of A is denoted by A^, and 
the identity morphism on A by Ma (or simply Id if it raises no ambiguity). The i^^ projection 
morphism of a k-aiy product is written vr^, or vr- if A; = 2. Given some morphisms f : A ^ B, 
g : A ^ C and h : A ^ C, {f; g) denotes the pairing of / and g^ and /; h the composition 
of / and h. The evaluation map of A and i? is ev : B^ x A ^ B and the curried form of a 
morphism / is written A(/). 

2.1 A ,f -models 

It is well known [1(J] that Cartesian closed categories have exactly the good structure to interpret 
the typed lambda calculus. To cope with the problem of self application of terms, such a category 
must be provided with a reflexive object D in order to interpret the untyped lambda calculus [16] . 
Terms are then interpreted by points of D. The denotation of applications is constructed with a 
morphism app : D — )• D^, and the one of lambda abstractions with a morphism lam : — ?> D. 
Also the correction of the /3-reduction is ensured by the equality lam; app = Idj^o (if moreover 
app; lam = Md, then the model satisfies the ry-equivalence) . 

Building a model for the A>i^-calculus requires some extra morphisms and equalities for the 
new constructions and the new rules of the calculus. In particular, writing {ci, . . . Cn} the 
set of constructors, a special point c* of D is needed for each i < n to interpret them. The 
denotations of case-bindings are then points of D^. A case binding 6 is interpreted by the 
n-tuple {di; . . . ;dn) where di is the denotation of 9^^ if Cj G dom(0), and is a special point ^ 
representing match failure otherwise. In order to interpret case constructs, we need a morphism 
case : x D ^ D, that transforms the denotation of 6 and t into the one of {|0|} • t. 

Let us informally confuse terms and their denotations, and write a case-binding {cj i— )• 
Ui/1 < i < n} as {c u} and its denotation as u. Then the rule CaseCons is valid if 
{|c I— 7- u|} • Cj and Ui have the same denotation, i.e. intuitively if case(M, q) = ■7Tf{u). This is 
formally expressed by the commutation of the diagram {D2) in Fig. 2. 
In the same way, the rule CaseApp is valid if the diagram {D3) commutes, i.e. if 
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_xappx_ _xev case „ 

D'' X D X D > L>" X X D > £)" x D > D 

{u,t,t') {u,x.tx,t') {u , W) {|c u|} • («') 

(where x.v represents the function mapping vq to v[x := vq\) is equal to 

casex_ appx_ ev 

W X D X D > D X D > X D > D 

{u,t,t') ({|c ^ u[} • i , t') {x.[f\c^ ■t)x , t') (flc H> w|} -t) 

To express the rule CaseLam we need a morphism that abstracts the case construct w.r.t. 
a variable: 

case° = A(/case) : D'^xD^ ^ 

{u,x.t) 1-^ f . {|c i-T- n|} • t 

1 J, , — , n Id^nxev case 

where /case = (D" x D^) x D ^ D" x {D^ x D) > D'' x D > D ■ 

Then the rule CaseLam is valid if (DA) commutes: 

D^^xD^^D^ ,D = D-xD^-^D-xD^^D 

(u,x.t) x.^c^^u^-t Ax.{|c (— > m[} • t {u,x.t) (u,Xx.t) ^ct-^u^-Xx.t 

Also the rule CaseCase requires a morphism to compose case-bindings: 

• : D"" xD" 

It is defined as the pairing of the morphisms {Id£,n x 7r");case, for 1 < i < n. So it is the 
unique morphism that makes the diagram on the following commute. 

X 

^1 




Then the commutation of the diagram (^5) validates the rule CaseCase. 
This leads to the following definition. 

Definition 2.1 (A^^-niodel) A categorical model for the untyped X^^-calculus is 
^ = {C , D , app , lam , {c*)f^i, ^ , case) where 

• C is a Cartesian closed category, 

• D is an object of C, 

• All the c* 's and ^ are points of D, 

• app is a morphism of D ^ , lam is a morphism of D and case a morphism 
ofD'^xD^D, 

• The six diagrams of Fig. 2 commute (the diagram {D2) must commute for every i E [[l..n]j. 
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Lam App / AppLam 



CaseCons 



{Dl) 



Idn app Idj^i 

D D^^ 



lam 



< > X 1 

Idxc* 



D <- 



LI" X D 



CaseApp 



CaseLam 



(L>" X D) X D <^ D"" X (D X D) 



casex Id 

DxD 

app X Id 

X D 



Idx{appxld) 

X {D^ X D) 

Idxev 

D" X D 

y 

D 



„ case" _ 



Idxlsm 

L> " X D 



lam 



D 



CaseCase 



(D" X D") X D X (L>" X L>) 

• x/d Hxcase 

X D X D 

case^^^\^ ^/''''case 



(1)6) 



Hon Xi 

Z?" X 1 > X D 



Figure 2: Commuting diagrams in a A<^-model 



Equivalent definition. In fact we can simplify the definition of a A^^-model, since the iso- 
morphism D = entails the equivalence of the diagrams (-D3) and {DA). This can be under- 
stood from a syntactical point of view, given that the commutation of the diagram {D2>) validates 
the rule CaseApp and the one of [DA) validates CaseLam. Indeed, the only role of CaseLam 
in the calculus is to close a critical pair created by the rule CaseApp [1, Theo. 1, (CC3)\. 

Proposition 2.1 If lam and app form an isomorphism between D and , then the dia- 
gram {D3) commutes if and only if the diagram (DA) commutes. 

Proof: 

Since (Dl) commutes, (DA) commutes iff the diagram on 
the right commutes. 
Write / = Idj:)n x lam; case; app. 

Since case° = A(=;Id£)n x ev;case), and by uniqueness 
of the exponential, / = case° if and only if the following 
diagram commutes: 

^ = ; IdnnXev ; case 

(D" X D^) X D 
D° X D 



X 

/dxlam 

D"" X D 



app 



D 
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We can detail this diagram as follows: 



(L>" X D^) xD — > L>" X {D^ X D) ^ D'' X D 

(/d X lam) X /d ^= J (Idx app) X Id j' Idjjn X (app X /djj ) 

(L>" X D) xD x{DxD) 

casex/doj^ (-^3) 

1} X D ^ xD ^ D 

app X /do 

Since the sub-diagram in the upper-left corner commutes, then {DA) commutes if and only if 
(D3) commutes. □ 
Thus we can omit the commutation of (-D3) or the one of {DA) in the definition of a A^^-model. 

2.2 Soundness 

In the previous section we gave some intuitions on how to interpret A^-terms in a A^^-model. 
Formally, the denotation [t]r of a term t in such a category is defined by structural induction (in 
Fig. 3). It depends on a list of variables F = xi, • • • ,Xk that must contain all the free variables 
of t, and its a morphism of D^ — ?• D. Similarly, the denotation [^]r of a case-binding 9 with 
free variables in F is a morphism of D^ — )■ D". We show that this definition provides a correct 
model of the A^-calculus (we write —x^ for the reflexive symmetric transitive closure of its six 
rules) . 





= TT^ : 


[tu]v 


= D^ 




= D'' 


where ft 


= D'' 


[c]r 


= D^ 




= D^ 




= {fir 



]r;Mr) appx/do „ 



^ DxD — ^ D"^ X D > D 



J^^D^ ^^D 



D 



]r;Mr) case 

> X D > D 



{fi;--- ■Jn):D^ ^D^ , where fi 



[ui]r if Ci 1-^ € 
Ij^k-J if Ci ^ dom(6') 



Figure 3: Interpretation of A<i^-terms in a categorical model 



Theorem 2.2 (Soundness) If ^ = (C, lam, app, (c*)"^;^, case, ^ ) is a X<ff-model, then for 
any X-^g-term t,t' whose free variables are in T, 

t t' =^ [t]T = [t']r 

To prove this theorem, we fix a A<i^-model ^ = (C, D, lam, app, (c*)"^;^, case, ^ ) and use some 
preliminary lemmas. The first one expresses that the morphism • actually corresponds to case- 
composition. This is where we technically need the diagram {D6), even though its semantic 
meaning is not as intuitive as for the other one. 
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Lemma 2.3 (Categorical case-composition) // the diagram {D6) commutes, then for any 
case-bindings 9 and (j), whose free variables are in T = {xi, . . . ,Xk}, the following diagram 
commute: 



, .-']r,Mr> 



> X D""- 




Proof: U (p = {ci ^ Ui/i e J} (with J C [[l..n]), then 

[6»o </)]r = (/i, ...,/„) , with fi 



On the other hand, • = {(^{Md" x tt"); case), . . . , ((/dD" x tt" ); case)). So 



{[d]T,[(p]r) ; •= {gi,---,9n), with 5^ = ([6']r, (Mr ; vr,")) ; case . 

If i G J, [<?!<]r ; tt" = [ui]r and then = ([^]r) [^i]r) ; case which is fi. 
If i ^ J, then [0]r ; vr" = !^fe x ^ . Hence 

<[^]r,!^''> Idn^xi case „ 

= ^ X 1 > D" X D ^ D 

= / X 1 ^ > 1 ^ > D (by (-06)) 

= D'^ ^1 > 1 ^ > D 

So gi = fi for any i < n, and {[6]r,[(f)]r) ; • = [do(p]r- □ 
We also need the standard following lemmas. 

Lemma 2.4 (Contextual rules) Exchange: Let T = {xi, . . . ,Xk} and a be a substitution 
over ll..kj. Write cr{T) = {o"(l), . . . ,a{k)}. Then, for any term t whose free variables are in T, 

Wr = (7r^(i)>--->7r^(fc)) ; Wa(r) • 

Weakening: Let T = {xi, . . . ,Xk} containing all free variables of a term t, and y ^T. Then 

[t]r,y= (4+\...,vr,^+i); [t]r . 

Lemma 2.5 (Substitution) Given T = {xi, . . . , Xk}, and two terms t and u such that fv(n) C 
r and fv(t) C r U {y}, 

[t[y ■= u]]r = > D'' X D > D^+^ > D 

The soundness theorem is then a direct corollary of the following proposition, that is proved 
(in appendix A) by structural induction: 

Proposition 2.6 If ^ = (C, lam, app, (ci*)"^]^, case, ^ ) is a X^^model, then for any T = 
{xi, . . . ,Xk} and any terms ti,t2 such that fv(ti) C T and ti — t- t2, the interpretation given in 
Fig. 3 satisfies [ti]r = [t2]r- 
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3 Completeness 



In this part we shall prove that the converse of Theo. 2.2 holds in absence of match failure. 
Namely if two terms have the same interpretation in any Af^-model then they are convertible 
using the rules of the calculus. It means that, without match failure, the diagrams of Fig. 2 are 
minimal. 

Theorem 3.1 (Completeness) If t and t' are two hereditarily defined \^g-terms such that in 
any categorical Xg-model \t]=\t'], then 



Notice that this theorem does not hold for undefined terms. Indeed, every match failure 
receives the same denotation ^ in any A^^-model, even though they are not A^^-convertible. The 
completeness result is established using the same method as [6]: 

1. We define Pera.^, the Cartesian closed category of partial equivalence relation compatible 
with 

2. In this syntactic category, we construct a A-g'-model ^synt- 

3. Then we show that if [t] = [t'] in ^synt-, then t t! . 



3.1 Partial equivalence relations 

Partial equivalence relations (PER) are commonly used to transform a model of the untyped 
lambda calculus into a model of the typed lambda-calculus [9, 18]. Yet we use them here 
to instantiate the definition of A<^-models in the category of PER on A-j^-terms. Thereby we 
construct a syntactic model of the untyped A<i^-calculus. 

Definition 3.1 (A<^— per) Given a set X, a partial equivalence relation on X is a binary 
relation R that is symmetric and transitive. We may write x = y : R instead of (x, y) £ R. A 
X^—per is a partial equivalence relation R on A (the set of all Xcg- -terms) that is compatible 
with -equivalence, which means: 

< ^ ^ ^, implies t = tn : R 

We write the equivalence class of an element e modulo R (or simply e when it raises no 
ambiguity), and if it is non empty we say that e is accessible by R. This is denoted by e G i?. 
We call the domain of R (denoted by dom(i?)) the set of all its accessible elements modulo R: 
dom(i?) = {e^ / e £ R}. Notice that if a partial equivalence relation R is compatible with X^ 
then by definition 

tc^x^t' =^ t^=?^. (1) 

It is well known that the family of partial equivalence relations can be provided with the usual 
semantic operators (arrow, and product) and constitute a CCC [15, Theo 7.1] To this end, we 
use the well-known Church's encoding for tuples: 

l\xi,...,Xk\)k = Xf.fxi...Xk 

vrf = Xp.p{Xxi . . .Xk-Xi) (ie[i..fc]) 

(We may write (\x,y\) for l\x,y\)2 and tt^ for irf). It satisfies the expected equivalence: 

7rf (\ti,.. .,tk\)k U. 
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Proposition 3.2 (Operations on Xc^—pers) Let {Ri)i<i<n be a family of PERs (withn > 2). 
Define Ri — ?• R2 and Ri x . . . x i?„ by 

t = t' : R R' when for any u, u', u = u' : R =^ tu = t'u' : R' 

t = u : Ri X . . . X Rf^ when for each i G [l-.A;]], vr^t = vr^^n : Ri 

Then if all the Ri 's are X^g—pers, so are Ri — ?• R2 and Ri x . . . x Rn- 



The category Per;^^. The previous proposition enables providing the category of X^—pers 
with the structure of a CCC. In the category Perac^ , objects are the PERs compatible with A^^, 
and given two X^g—pers A and B the morphisms oi A ^ B are the equivalence classes in 
dom(^ 
and t' : 



B 



A ^ B 



B 



■j4— >j4 — 
I. The identity morphism on A is Xx.x , and the composition of t 
_ A^C 

C is t]t' = Xz.t'{tz) . This defines correctly a category, as the composition is 



associative and has identity morphisms as neutral elements. 



The categorical product of two X<^—pers A and 

: C 
and t2 



B, 



is {A ) 
A and 

(t,t/) = Xx.i\tx,t'x 



vFT^x^^-S), and for t 



t' 



C ^ B, 

C^AxB 



the pairing of ti 



B 



IS 




It is well defined (in particular it does 
not depend on the representative that we chose in the equivalence 
classes t and t') and is universal for the diagram on the right. 
The terminal object is the maximal X^^—per 1 = A x A. 

The exponent of A and B is B"^ = A ^ B, and the corresponding evaluation morphism 



is ev = Ax.(7rj^x)(7r2X 

t 



-B^xA^B 




* B 



The curried form of a morphism t : C x A ^ B is then 

A(t) = Xx.Xy.t (\x, y\) . It is well defined and is the unique 

morphism that makes the diagram on the left commute. 



Proposition 3.3 Pera.^ is a Cartesian closed category. 



3.2 Syntactic model in Per^^. 

We will now define a A^^-model in the CCC Per^.^ . In this category, there is a trivial reflexive 
object, that is actually equal to its object of functions (as proved in appendix B.l). 

Lemma 3.4 Let D be the object c^x^ in Pera^. Then D = . 

Also ~A^ is the object of PERA^that will be used to interpret untyped A-i^-terms. We do not 
need to define lam and app, and the morphisms c|'s and case are quite intuitive: informally, 
c* is the constant function returning c, and case takes an argument {9, t) in D" x D and 
return {|^|} • t. In the same way, ^ is just a constant function returning a match failure (we 
arbitrarily choose one of the possible ones). This actually defines a A^^-model (appendix B.l). 

Definition 3.2 (Syntactic model) The syntactic model (or PER modelj of the X^g-calculus 
is J^synt = (FERx^, D,LdD,LdD, (c*) i<i<n5 case, ^ ), where: 

• D is the relation — a<^- 

• given c a constructor, c* is Xx.c'^ . 
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• i is Ax.{| [j- • ci 



Proposition 3.5 ^synt is a X^^-model. 

Case-binding completion. Remember that A^^-models do not distinguish different match 
failures (as a matter of fact, ah of them are interpreted by ^ ). That is because the interpretation 
of a term first "completes" each case-binding with branches Cj i-^ ^ if Cj is not in its domain 
(c/. the description of the denotation of a case-binding page 3). Also in the PER model, 
undefined terms are "unblocked" and the rule CaseCons can be performed (and give H |} • Ci). 
Now we formalise the idea of case-binding completion. This enables an explicit definition of the 
interpretation of a term in the PER model, so that we can prove the completeness theorem. 

Definition 3.3 (Case-completion) The case- completion t of a term t is defined by induction: 

x = x AxTt = Ax.F p\^.t = p\^-t 

c = c tu = tu 

~ r / ^ ■ ^ 1 -,7 / f if Ci 1-^ Ui £ 6 

^ ^1 - - ^ * \ ^-ci z/q ^dom(e) 

Fact 3.4 This case- completion does not unify different defined terms: if two defined terms have 
the same case-completion, then they are equal. 

Proposition 3.6 In the model ^synt, the interpretation of a term t in a context F = xi; • • • ;Xk 

is 

— D''^D 

[t]r = Xx.t[xi := TT^x] (with x fresh in t). 

3.3 Completeness result. 

The proposition 3.6 ensures that if two A^-terms have the same denotation in the PER model, 
then they have the same case-completion modulo D {i.e. they are Af^-convertible) . It does not 
necessarily means that the two terms are A-g'-equivalent themselves, as it is not true for match 
failure: 

{|ci ^ky^y\^-C2 = {|ci ^ Xy.yy;c2 ^ HG- -ciG- -cs ~a.^ HG- -ci 
{|C2 Ay.y[^ • ci = {|ci {| • ci; C2 ^ Ay.y^ • ci ^x^ U ■ ci 

Nevertheless, {|ci i— )■ Xy.yy^ ■ C2 9^a.^ {|c2 Ay.y|} • ci. This explains why match failure all have 
the same interpretation in ^gynt- However, this defect is restricted to undefined terms. Now 
we show that the case-completion does not modify the A^^-equivalence on defined terms. 

Proposition 3.7 Let ti and t2 be two hereditarily defined terms. Then 

The proof of this proposition uses rewriting techniques, and relies on several lemmas (whose 
proofs are given in appendix B.2). For technical reasons, we need to separate the rule CaseCase 
from the other ones. Also we write A^ the calculus with all the rules except CaseCase, and 
cc the rule CaseCase. 

Fact 3.5 The definition of case- completion (Def. 3.3) preserves all X^g-redexes. Also if t ^ u 
then t ^ u, and if t is a normal form then so is t. 
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Lemma 3.8 (Reduction on completed terms) 1. Let t be a defined term. 
Then, for any term t' , 



i — )•,- t' implies t' = to for some to such that t ^ to- 
2. For any terms t, t' , 

t -^cc t' implies t' — >-*^ to for some to such that t -^cc ^o- 

The rule CaseCase does not have the same behaviour as the other rules w.r.t. case- 
completion, and requires a special attention. It has been proved that the reduction rule 
CaseCase forms a confluent [1, Theo. 1] and strongly normalising [1, Prop. 2] rewriting system. 
So every A<i^-term t has a unique normal form JJ. t for the rule CaseCase. It is characterised by 
the following equations: 

\\.x = X -IJ. {q iH> / iei} = {ci Ui I ie/} 

J|c = c Ift = x|c| \x.u I t\t2 , then 

\\x.t = \x.\t ^fl0[[.t= ^^Q\-lt 

^(tu) = ^t\u ^{ie\.^^.t)= ^ (fle o i) 

Lemma 3.9 Commutation case- completion /cc -normal form 
For any term t, 

^(t) = \^t . 

Lemma 3.10 For any terms t,t' if t t' then there exists a term u such that 

^ t ^* u ^ t' . 

Corollary 3.11 If t is hereditarily defined, then for any t' , 

t t' implies ^t' = to for some to such that t — ?>* to ■ 
Proof: By induction on the reduction t — )•* t' . 

li t = t' , take to = ^ t. Now assume t — )•* u -^r t' . By induction hypothesis, there is some uo 
such that \y u = Uo and t uo- If u reduces on t' with the rule R = CaseCase, then 
JL t' =J| u = Uo, and to = uo does the job. Otherwise, t u — t'. 

t > U > t 



cc 



- cC 



-IJ- U=Uo > Ui — > J| t' = i}. Ul 

— > Uo > Ul > 4 Ul 



cc 

First of all, u t' implies JJ- u ~^cc ^ ^' some u' (Lem. 3.10). 

Also uq — )•* u', and thus u' = u{ for some term ui such that uq — ui (Lem. 3.8.1, 
since mq is defined). Moreover, ui — t-ccI)- ^' implies that JJ- 1' is the CaseCase normal form of ui. 
Hence -IJ- 1' = JJ- ni = JJ- ui (by Lem. 3.9). Also we can chose to =-11- ^i- D 
Now we have all the ingredients we need to prove that the case-completion preserves the 
Ac^-equivalence on hereditarily defined terms. 
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Proof: (of Prop. 3.7). 

h -A 



t2 



Let ti,t2 hereditarily defined such that ti 
t2- Since the A<^-caIcuIus satisfies the Church- 
Rosser property, there is a term u such 
that tl —7-* u and t2 — >■* u. 

Hence Cor. 3.11 provides a term u' such that 
ij- u = u', and ti — >* u' for each i G {1, 2}. Thus 

Together with the exphcit definition of the interpretation of a term in the PER-model, this 
gives the result of completeness of A<^-models for terms with no match failure. 

Corollary 3.12 (Completeness) Let ti and t2 he two hereditarily defined terms whose free 
variables are inV = {xi, . . . , Xk} such that [t\\r = [t2\r "in- the syntactic model ^synt, then ti 

t2- 




Proof: By Prop. 3.6, if ti and t2 have the same interpretation in 



'synt 



, it means that 



Xx.ti [xi := vr x] 



\x.t2[xi := vrfx 



Hence {Xx.ti[xi := vrfx]) (|xi, . . . ,Xk\)k 



{Xx.t2[xi := vTj^x]) dxi, . . . ,XfcDfc : D- Since D is the 



Ac^-equivalence relation on terms, it means that ti t2, which entails ti ^2 by Prop. 3.7. 

□ 

A fortiori if two hereditarily defined terms have the same interpretation in any A<^-model 
then they are A-i^-equivalent, since ^synt is a A-i^-model. This achieves the proof of Complete- 
ness theorem (Theo. 3.1). 

Notice that the separation theorem for the lambda calculus with constructors [1, Theo. 2] 
specifies that two hereditarily defined terms are either A<^-equivalent or (weakly) separable. So 
any terms that can be separated by this syntactic lemma are also semantically distinguished 
by our definition of model. However a slight modification of this definition could allow to 
semantically separate more terms. If, instead of having one fail constant ^ we had one for each 
constructor (say ii,fail2 etc.), we could "complete" a case binding with the corresponding 
fail constant in each undefined branch. This would enable keeping track of the constructor 
that raises the match failure. For instance, {|ci i-^ Ax.x[}- • C2 would be denoted by ^2 and 
{|ci I— )• Ax.x|} • C3 by ^3. Only terms like {|ci 1— )• Ax.x|} • C2 and {|c3 1— )■ Ax.xx|} • C2 would not be 
semantically separated. 



Conclusion 

We have defined a notion of categorical model for the lambda calculus with constructors that is 
reasonably complex: in addition to the usual axioms of a CCC, it involves three morphisms (or 
family of morphisms) and the commutation of six simple diagrams. We have also proved that 
this categorical model is complete for terms with no match failure. 

Still, completeness does not hold for match failures. This is due to the way we interpret 
the case-bindings. Since the denotation we give to them is a point of D^, it requires to "fill" 
artificially every undefined branch of a case-binding. A way to cope with this problem could be 
to first identify the domain / C [[l..n] of a case-binding = {q 1— )• Uj/i € /}, and interpret it by 
the point (nj)jg/ of D""' (where nj is the cardinal of /). The object that represents case-bindings 
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would then be the sum (the dual notion of product) S/cji n| ■ However, the definition loses 
its relative simplicity and some difficulties arise to define the case composition. 

Future work A natural question is now to find some concrete instances of the categorical 
model. The PER model is one, but it would be of great interest to have some non syntactic 
models. We could try to adapt the historically first model of the pure lambda calculus [14]. 
However there is no reason for the usual Scott's D^o domain to satisfy the commutation of 
our diagrams. A first step could be to find out a domain equation to characterise the lambda 
calculus with constructors, and then solve it with Scott's technique. 

An other issue is to define a categorical model for the typed A-g'-calculus [13]. This type 
system is rather complex, basically because of the reduction rule CaseApp that transforms a 
sub-term that is a priori a function into a sub-term that is a priori a data-structure. To deal 
with this difficulty (and also to enable the typing of variadic constructors), the type syntax 
includes an application construct and the type system uses sub-typing. Also defining a typed 
categorical model for the lambda calculus with constructors probably requires a categorical 
definition of this type application, and a way to express categorically this sub-typing relation. 
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A Proof of Soundness 



Proposition 2.6. If ^ = (C, lam, app, (ci*)"^]^, case, ^ ) is a X'^-model, then for any T = 
{xi, . . . ,Xk} and any terms ti,t2 such that fv(ti) C T and ti — )• t2, the interpretation given in 
Fig. 3 satisfies [ti]r = [t2]r- 

Proof: Let ti,t2 be two A<i^-terms such that ti t2- We prove by induction on the structure 
of ti that for any T containing all free variables of ti, [ti]r = [t2]r- If the reduction does not 
involve a head redex, we immediately conclude with induction hypothesis. So we consider all 
possible reductions in head position: 



((A(/0;lam),[«]r> 

Z^fe > D xD 



ti = (Xx.t) u and t2 = t[x := n]. 
\ti]v 

with ft= y.D 
[ti]v 



> xD > D 



{Md, Mr) 
{Md, Mr) 
{Md, Mr) 
[t[x := u]]r 



(A(/t); lam; app) x Md ; ev 
A(/t) X Md ; ev (Dl) 
ft (Def. of exponential) 

(Lem. 2.5) 



ti = Xx.tx (with X ^ fv(t)) and t2 = t. Then [ti]r = ^{ftx) lam 

= , {[t]T,x,[x]T,x) appxHo ev 

where ftx= D'' x D ^ L>^+i > DxD > x D ^ D . 

But X ^ fv(t) implies [t]r,x = {'^i^^ ^ ■ ■ ^ '^k^'^) ' Wr by weakening property (Lem. 2.4), 
and [x]r,x = 7r^+|- 



So/, 



xD 



fe+i fe+i\ 



■''^k )^^k+i) , ([t]r;app)x/do ev 

> xD > X D ^ D 



By uniqueness of the exponential, A(ftx) 
by (1)1). 



[t]r; app, and [ti]r = [t]r; app; lam = [t]r 



ti = H^l} • q and t2 = Ui, where 6* = {cj i-> uj/j G J}, with J C [l..n]]. 
Then [ti]r = ( (/i, ...,/.) , [ci]r ) ; case with f, - ^ ^""'^^ ^ ^ 

and [ci]r c*. 

The following diagram commutes: > x 1 



£)k ; ^ otherwise 

/d£,n XC* 

^ x 1) 




so [t 



ijr 



(/l,--- ,/n) ; T^? = fi 



(/iv :/n> 



M]r- 



ti = fl^^-(t'u) and t2 = {p^-t)u. 

[h]r = ( [6']r , Mr) ; case with [tu]r = {[t]r, Mr) ; (app x Md) ; ev 

[*2]r = ((( [d]r , Mr) ; case) , Mr) ; (app x MD);ev 

So [ti]r = [t2]r because the following diagram commutes: 
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([e]r,(Mr,[«]r» 
(([e]r,([i]r»,[n]r> 



Id x{a.ppx Id) ^ Idxev 

x{D X D) > X {D^ X I?) > D"" xD 




X D)xD 



case X /d 



D X D 



app X H 



xD 



= . Xx.t and t2 = Ax.{|6'[}- • t with x ^ i\{e). 



[ti]r = ([0]r, (A(/t);lain)) ; case with ft= x D ^ D^+^ ^ D , and 



r,x,[t]r,x) case 

> D"^ xD > D 



Nr =A(/^eH);lam with /^^H = i^'^ x I) ^ I^'^+i 
So [ti]r = ([0]r,(A(/t);lani)) ; case 

= ([ejr, A(/t)) ; {Md^ x lam) ; case 

= mv^kUt)) ; case° ; lam by {DA) 

Hence = Nr if ([^]r, A(/t)) ; case° = A(/^e^t)- 
Remember that case° = A(/case), with 

/case = (£>" X Z?^) X D ^ Z?" X (Z?^ X D) ^''°"^^'> £>" X £> D • To simphfy this 

equation, we use this intermediate lemma (that follows from the uniqueness of exponent). 



Lemma A.l In any CCC, given four objects A,B,C and C , and three morphisms g : 
C X B, g' : C X A-)- B and h : C -)■ C, 

A{g)=h;A{g') ^ g = {h x Ma); g' . 

Thus [ti]r = [t2]T if mT,Mft)) X Idd) ; /case = fpif 

Remark that (([^]r, A(/()) x Id^) ; /case = Ihs ; case, with 

([9]r,Hft))xIdD S Idonxev 

Ihs = D^xD ¥ {D"xDi^)xD > D^x{D°xD) > D'^xD 

((ttj ; [6»]r),/<i> Idonx{A{ft)xIdn) Id^^nXev 

= D'^xD > D^x{D^xD) > D"x(D^xD) > D"xD 

((ttj ; [e]r),/rf> Idonxft 
= D''xD > D"x{D'=xD) > D"xD 

On the other hand, fp^-t = rhs ; case, with 

^ {Id,Id) [e]r.xX[t]r.x 

rhs = D'^xD Z)'=+i > Z)'=+ixZ)'=+i , mi > D"xD 

e {Id,Id) (...,7vl+^)xld [e]rx[t]r.x 

= D''xD — >• D^+i > D^+^xD^+^ > D'=xD''+^ > D"xD (Lcm. 2.4) 

{Id,Id) TT^x^ [ejrxMr.:, 

= D'^xD > (D^xD)x{D''xD) > D*'xD''+'^ > D"xD 

{Id,Id) K;[e]r)x/t 
= D'=xZ) > (D''xD)x{D''xD) > D"xD 

Finally rhs = Ihs = {{n-^ ; [9]r) , ft), and so [ti]r=[i2]r- 

ti = m-M-t and t2 = po^ff.t. 

[h]r = {{[d]r, (Mr, Mr))) ; (Ido^ x case) ; case, and 

Nr = (([^o'A]r,Wr>) ; case. 

Both terms have the same interpretation if the following diagram commute: 
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X [D"- X D) 
([e]r,(Mr,[t]r» / ^ 

(([9]r,Mr>,Wr> 



([eo</,]r,Wr) 



/cijjn X case 




(Lem. 2.3) 



D"" X D 



The upper triangle commutes by uniqueness of the product, the triangle below com- 
mutes if (-D6) commutes (consequence of Lem. 2.3), and the right part of the diagram 
is exactly {D5). Also the interpretation is correct w.r.t. CaseCase if {D5) and {D6) 
commute. □ 



B Proofs for Completeness 

B.l Some properties of Per 

Lemma 3.4. Let D be the object in Per;!^^. Then D = D 
Proof: 



D 



C: lit = t' : D, then u = u' : D implies tu = t'u' : D by definition of D. This means t = t' : 

D: Assume t = t' : , and choose x not free in t nor t'. Since x = x : D, then tx = t'x : D. 
So Xx.tx = Xx.t'x : D by contextual closure, and t = t' : D hy LamApp. □ 



Proposition 3.5. Let ^synt 
• D is the relation 



^ERx^, D,LdD,IdD, {c*)i<i<n, case, i), where: 



given c a constructor, c* is Xx.c 



ID 



case is Xx.^{c\ vrj"(7r^x))i<i<„[} • n^x 



{D"xD)^D 



^ is Xx. 



■ Cl 



■^synt is a X^ -model. 

Proof: Per^^ is a Cartesian closed category by Prop. 3.3, and Ldo is an isomorphism from D 
to by Lem. 3.4. We first check that the morphisms are well-defined: 

• c* € dom(l D) for each constructor c. Indeed, for any terms u,u' , 
(Ax.c) u c (Ax.c) u'. Hence Ax.c = Xx.c : 1 — > L). In the same way, 
i G dom(l ^ D). 

• case € dom(L)" x D ^ D) since Ax.{|(ci t-^ 7^f{^^-^^x))^^;^^\^ ■ vTgX G (D" x D) ^ D. Indeed, 
let i = M : (-D" x D). By definition, 7r"(7r^t) = -k'^{'k^u) : L>, and vTgt = vrgU : -D. Thus 

(Ax.fl(ci ^ vrr(7rix))r=4 " ^2^)* fl(ci ^ vr,"(vrii))r=4 ' ^2 t 

-A^ (Ax.fl(ci ^ ^''K2:))^=4 • ^2^)^ 

Finally by Prop. 2.1 it is sufficient to show that the diagrams (-D1), {D2), (-D3), {D5) and {D6) 
of Fig. 2 commute. For (Dl) it is obvious with lam = app = Ldi). We show the commutation 
porperty for the other diagram. 
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We show that rhs = vr", where rhs = ; (Jd/jn xc|) ; case (with = Xx.(\x, x\) 
Notice that {Md^ x c*) = Xx.(\Tr^x, {Xx.Ci){-K2x)\) . We simplify rhs, considering terms up 
to Af^-equivalence (1). 

rhs = Az.tcase((Ax.(|7riX, (Ax.Ci)xD) ((Ax.(|x, xD)2:)) 
= A2;.tcase((lvri(|z,4, (Ax.Q)(7r2(|2;, 4)1)) 

= A2:.tcase((|2;,CiD) 

= AzJ(Q^7rf(7rJz,Q^))r=i^vr2^z,Q^''"^'' 
= Az.^(q ^7rf(7rJz,Q^)) ^^,^7r,^z,Q^ 

= Az.fl(Q^7rf z)tirc,''"^'' 
= Xz.TT^ z by CaseCons 

We show that Ihs = rhs, where Ihs = (case x Md) ', (app x Md) ', ev, 
and rhs = ; {Id£,n x (app x Ido)) ; {Id£,n x ev); case, with 

ft,^ = Ax.^7r^(7rix), ^7r2(7r^x),7r2xpp 
Notice that app x Id£, = IdijxD, so Ihs = (case x Id^) ', ev, and 

rhs = ; (Md" x ev); case. 



Ihs = A2:.(Ax.(7r^x)(7r2x)) ((Ax.(|tcase(7rix), vrgxD)^) 

= A2;.(Ax.(7r^x)(7r2x)) (|tcase(vri2;), 7r22;D 

= Xz.{tca.se{-^iZ)) iTT2z) 

= Az.(fl(Q^7rf(^i(^i4))f^,^7r2(7r,4)(7r2z) 



rhs = Az.tcase (Aj/.^TT^j/, (Ax. (tt^x) (7r2x)) (7r27/)^ ) ((Ax.^7r^(7r^x), (|7r2(7r^x ), 7r2X^^)z) 

= Az.tcase (Aj/.^TT^?/, (tT^ (TTgj/)) (7r2 (7r2 y))^ ) ^TT^ (vT^z) , (|7r2 (vT^ z) , 7r24 ^ 

= Az.tcase (|7ri(7r^2:), (7r2(7r^2:))(7r22:)D 

= Az.^(q ^ 7r,"(7ri(7r,z)))[Li^ • {Tr^jTr.z) (tt^z)) 

= Az.(fl(ci ^7r;'(7ri(7riz)))f^4 •7r2(7riz))(7r2z) by CaseApp 

Let Ihs = (• X Idu) ; case, and rhs = ; (Md^ x case) ; case, with 

. . . ^ ^(D"xD")xD^D"x(D"xD) 

/I- = Ax.^7r^(7rix) , \'K2\'^^x) , 7r2xPP 
Then (-05) commutes means Ihs = rhs. 

Remember that • : Z?" x — > is the pairing of ah {Id^^ x vr") ; case. Thus 



• = Ax.^. ■ ■ , (Aj/. tease ^ T^niT^lVW) ^^ ■ ■ ^ 

= Ax.^. . . ,tcase ^TT^X, <(7r2x)^,...^ 

• X Md = Xx.(\ j.., tease ^7r^(7rix), 7r^(7r2 (tt^x))^ , . . .[) , 7r2x[) 

Ihs = Az.tease (\ ^ ■ ■ , ^case ^TT^ (tT^z) , < (7r2 (tT^ z))^ , ■ ■ ■ ^ , TT^Z \) 
= Az.{|(Ci ^ tease KK^) ^ 4(^2(^1^))^ )F=1 p- ' ^2^ 
= Az.{|(Ci tease KK^) ^ Ki^2iv))\>)i=A ' K^) 

= Az.fl(Q ^ ^(c,- ^ 7r;(7r,(7r,z)))^^4 ■ {K{^2i^iz) )))f^,\^ ■ {tt^z) 
rhs = Az.tease ( (Ax. (|7r^x , tease (7r2x)D ) (j-^iiT^iz) , <\'n:2i'^iz) , vr24D) 

= Az.tcase {<\TTi{iriZ) , t 

case ^7r2(vriz) , vr24^) 



A2:.-fl(Ci (7ri(7r^z)))[Li^ • tease KC^Ti^ , 7r24 

Az.^(q ^ <(vri(7riz)))r=i^ • ^(c, ^ vr7(^2K^)))"=i^ ' K^) 

Xz.^icj ^ fl(Q ^ vrf (7ri(7riz)))[Lifr • vr;^(vr2(7riz)))^^,^ • (tt^z) (by CaseCase) 
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{D6): This diagram commutes if Ihs = rhs, with Ihs = ; i , 
and rhs = [Idon x ^) ; case. 

Ihs = Az.(Aa;.{|[}- • ci) {112^) ^ ~^ 

= AzJ^ -Ci 

rhs = Az.tcase (IttiZ, ,(Ax.{|[}- -ci) (vr22;)D 

= Az.tcase , HI} • CiD 

= Az.H(Q^7^?(v^,.))tl^m•Cl''"''"'' 

= Xz.^ ■ ci (by CaseCase) □ 

Proposition 3.6. In the model ^synt, the interpretation of a term t in a context T = xi; ■ ■ ■ ; 
is 



[t]r = Xx.t[xi := TT^x] (with x fresh in t). 

Proof: The proof proceeds by structural induction on t. If t = xi ox t = c, we just have to 
write the definition of [t]r- If t = Ax^+i.to or i = tit2, the equation is straightforward from 
definition of [i]r and induction hypothesis. We detail the proof when t = {|0|} • u: 
Mr = ([6']r; Mr); case, with [6']r = where /,• = [Mj]r if Cj H> Uj G 6*, and fj = 

(= Ax.-a ^ci^'^^) if c,- ^ dom(e). So 

[t]r = Ax.tcase ^teX.tuX) 



with case = tcase^ y-D^D ^ j^j^ _ ->D ^ ^^j^ _ -^D induction hypothesis, 

we can chose tu = Xx.u[xi := T^fx], and tg = Xx.(\tix, . . . ,tnx\)n with tj = Xx.Uj[xi := vrfx] 
if Cj iH^ Uj G 0, and = Ax.fl |} • Ci if Cj ^ dom(^). 

Also Ax. tease , <\teX, t«xD Ax.tcase , d d^l^;, • • • , tnX\)n , u[Xi := Vrf x] D 

-Av Ax.-{](9 ^ tj-a;)^^!^ • S[xi := Trfx] 



-A^ Ax.-{]0rn[xi :=7rfi 



Indeed, tjX Uj[xi := tt^x] if Cj Uj E 0, and {| |} • ci if Cj ^ dom(0). 

~ 1 — ^^^^ 

Since D — >■ D is compatible with [t]r = Ax.t[xi := vr^ x] . □ 



B.2 Some rewriting properties 

Lemme 3.8.1 (A^reduction on completed terms). 

Let t he a defined term. Then, for any term t' , 

t — t' implies t' = to for some to such that t — > to- 

Proof: By structural induction on t. First notice that every CaseCons redex present in t 
corresponds to a CaseCons redex in t, as t is defined. Moreover, {| |} • ci is not reducible so 
every redex in a sub-term of t corresponds to a redex in a sub-term of t Also if the reduction t — t- t' 
is performed in a (strict) sub-term oft, we can immediately conclude with induction hypothesis. 
So it is sufficient to check the lemma for the five possible reductions in head position t —> t' , 
which is trivial. □ 
Lemme 3.8.2 (CaseCase reduction on completed terms). 
For any term t,t' , 

t -^cc t' implies t' -^*^ to for some to such that t -^cc to 
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Proof: By by structural induction on t. If the CaseCase reduction occurs in a strict sub-term 
of t then we conclude with induction hypothesis. Otherwise t = {|^|} • {|(/)|} -u, and t' = {|0o(^|}-S. 
Then we take to = ° ■ u, since 6 o cp -^*^ 6 o (j). Indeed, if = {q i-7> Ui/i G /} then 

0o^ = {c,^i^ej-Ui/i£l}U{c^^m-U-Ci/i(^I} 

9^ = {u^p\\-Ui/iei}u{u^U-ci/i^i} 

Also t' to. □ 
Lemma 3.9 (Commutation case-completion/cc-normal form). 

For any term t, 

^(t) = ^t . 



Proof: By induction on the size of the maximal reduction t — >ccJ| (t)- If t =i}- (t), then t 
is CASECASE-normal, and so is t (Fact. 3. 5). Xhus t — JJ. t and t — -IJ- 1. Otherwise let t — ^cc 
t' — s-ccJJ- (t). By Lem. 3.8.2, there is a term to such that t' — to and t — >cc ^o- Hence 
t — to — >cci^ (0 =^ (^o)- By induction hypothesis, -IJ- (to) = JJ- to. Moreover JJ- to =JJ- t, so 

(Jt) = OUS =4 {to) =i}- (t). □ 
Lemma 3.10. For any terms t,t' if t t' then there exists a term u such that 

4 t u t' ■ 



Proof: The proof proceeds by induction on s(t), the structural measure of t defined by 

s(x) = 1 s{Xx.t) = s(t) + l s{p\\-t) = s{t) X {s{e) + 2) 

s{c) = 1 s{tu) = s{t) + s{u) s{6) = Ecedom(e) K^c) 

Notice that this measure decreases with the subterm relation but also with CaseCase reduction 
(s({|0|} • {|(/)|} • u) > s{)^6 o ■ It for any 6,(j),t). For any term s (or any case-binding 9), s' 
{resp. 9') represents a term {resp. a case-binding) such that s -^\^ s' {resp. 9^ -^\<^ 9'^ for some 
c € dom(6'), and 9^i = 9'^, for c' / c) 

• If t is an application, either t = tit2 and t' = t'^t2 (or t' = tit2) and we conclude with 
induction hypotheses, or t = (Aj;.ti)t2 and t' = ti[x := t2]. In that case, JJ- 1 = (Ax. JJ- ti) JJ- 
t2 *2] ^cc^ (^ ti)[x :=4 t2]. Moreover, ^ (^ ti)[x :=4 t2] =^ (ti[x : = 
t2]). Thus 4 t (4 ti)[x t2] t'. 

• If t is an abstraction, either t = Ax. to and t' = Ax.tg and we conclude with induction 
hypothesis, or t = Xx.t'x with x ^ fv(t'). In that case, JJ- 1 = Ax. JJ- t'x ^ 

• If t = {|6'|} • X, then t' = {|0'|} • x and we conclude with induction hypothesis. 

• If t = {|0|} • c, then either t' = {]6''|} • c and we conclude with induction hypothesis, or 
t' = 0c and 4 t = ^ • c ^^-4 ^c- 

• If t = H^l} • tit2, then either t' = {|0'|} • tit2 and we conclude with induction hypothesis, or 
t' = fl^^ • to with tit2 to or t' = {^9^ ■ ti)t2. 

In the second case, by induction hypothesis there is some uo such that 
JJ- ^1^2 — >t- ""0 -^*cc^ to- Hence 

i^t = UOli^ tit2 ^* U0^-UO<cU 4 to Un-i^to. 
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Moreover, every sub-term of ij. t' is in CaseCase normal form, so 
ii't'=ll^H ^H- ^ ^0- Thus ^ t HOft-uo t'. 
In the last case, J| t = {| -IJ- 0|} • (-IJ- ti J| ^2), so 

• If t = D^l} • \x.to, idem as previous case. 

• Iit = Pim-to, then either = m-W^to, or t' = F^{l'/'^^o, or t' = fl0'^fl</>^^o• 

In the first case, write ti = {]^o(/)|}-to and t[ = {]^?o0'[}- -to- Remark that s{ti) < s{t) (since 
the structural measure decreases by CASECASE-reduction), 

and that ti -^\^ t[. By induction hypothesis, there is some u such that 
-ij. ti — >■* u — ^cc-ll' ^'i- Since -JJ- i =-JJ- ti and JJ- 1' t'^ we are done. 

In the second case, same method but with t'l = o 4>\^ ■ tg. 

In the last case, write i = {|^|}-{|0i|}----{|(/>A;|}-WO) where uq is not a case construct (thus 
k > 1). Then J| t = J| {9oi;)\^- J| uq, with = ^/>io(- • -0^^), and JJ- i' = -fl JJ- (6''o^/))[}- JJ. 
(since ((6* o 0i) o • • • ) o 0fc o V^). 

Let us explicit J| t and JJ- 1': JJ- 1 = {|c i-t'JJ- {|^|} • i/'c / c G dom(i/')l}- JJ- ito 

^t' = -{]c^^-{]^'fr-V'c/cGdom(V')fr-^uo 

Remark that s({)^|}-'0c) < s(i) (the structural measure decreases by CASECASE-reduction, 

and preserves the order of sub-term relation), and that 
H^l} • ^pc -^x~ {|^'|} • V'c- Hence , by induction hypothesis, for each c € dom('i/;) there 
is a term Uc such that JJ- {|^|} • -^c -J't- Uc -^cA {|^'|} ' V'c- Thus 

JJ- i ti -)-*cJJ- for u = -flc /c G dom(V')|}- J| 'Uo ■ □ 
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